public void RemoveUrlAcl(string url)
{
using (new HttpInitializeScope())
{
UrlAcl urlAcl = new UrlAcl();
urlAcl.Prefix = url;
urlAcl.Delete();
}
}
private static void ShowUrlAcl(string[] args, CertificateBindingConfiguration configuration)
{
var format = "{0,-40} {1,-39}";
Console.WriteLine(format, "Prefix", "SDDL");
Console.WriteLine("{0} {1}", new string('-', 40), new string('-', 39));
foreach (var urlAcl in UrlAcl.GetAllBindings())
{
Console.WriteLine(format, urlAcl.Prefix, urlAcl.Sddl);
}
}
private UrlAcl GetUrlReservation(string url)
{
foreach (UrlAcl acl in UrlAcl.GetAllBindings())
{
if (string.Equals(acl.Prefix, url, StringComparison.OrdinalIgnoreCase))
{
return(acl);
}
}
return(null);
}
public void CreateNewHttpReservations(HttpSysHostingOptions originalOptions, HttpSysHostingOptions newOptions, List <Action> rollbackActions)
{
string httpOld = originalOptions.BuildHttpUrlPrefix();
string httpsOld = originalOptions.BuildHttpsUrlPrefix();
string httpNew = newOptions.BuildHttpUrlPrefix();
string httpsNew = newOptions.BuildHttpsUrlPrefix();
UrlAcl existingHttpOld = this.GetUrlReservation(httpOld);
if (existingHttpOld != null)
{
UrlAcl.Delete(existingHttpOld.Prefix);
rollbackActions.Add(() => UrlAcl.Create(existingHttpOld.Prefix, existingHttpOld.Sddl));
}
UrlAcl existingHttpsOld = this.GetUrlReservation(httpsOld);
if (existingHttpsOld != null)
{
UrlAcl.Delete(existingHttpsOld.Prefix);
rollbackActions.Add(() => UrlAcl.Create(existingHttpsOld.Prefix, existingHttpsOld.Sddl));
}
UrlAcl existingHttpNew = this.GetUrlReservation(httpNew);
if (existingHttpNew != null)
{
UrlAcl.Delete(existingHttpNew.Prefix);
rollbackActions.Add(() => UrlAcl.Create(existingHttpNew.Prefix, existingHttpNew.Sddl));
}
UrlAcl existingHttpsNew = this.GetUrlReservation(httpsNew);
if (existingHttpsNew != null)
{
UrlAcl.Delete(existingHttpsNew.Prefix);
rollbackActions.Add(() => UrlAcl.Create(existingHttpsNew.Prefix, existingHttpsNew.Sddl));
}
this.CreateUrlReservation(httpNew, this.windowsServiceProvider.ServiceSid);
rollbackActions.Add(() => UrlAcl.Delete(httpNew));
this.registryProvider.HttpAcl = httpNew;
rollbackActions.Add(() => this.registryProvider.HttpAcl = httpOld);
this.CreateUrlReservation(httpsNew, this.windowsServiceProvider.ServiceSid);
rollbackActions.Add(() => UrlAcl.Delete(httpsNew));
this.registryProvider.HttpsAcl = httpsNew;
rollbackActions.Add(() => this.registryProvider.HttpsAcl = httpsOld);
}
public void SetUrlAcl(string url, SecurityDescriptor securityDescriptor)
{
using (new HttpInitializeScope())
{
if (securityDescriptor == null)
{
RemoveUrlAcl(url);
return;
}
var urlAcl = new UrlAcl();
urlAcl.Prefix = url;
urlAcl.SecurityDescriptor = securityDescriptor;
urlAcl.Update();
}
}
public IEnumerable <UrlAcl> GetAclInfo()
{
using (new HttpInitializeScope())
{
UrlAcl urlAcl;
int i = 0;
do
{
urlAcl = UrlAcl.Get(i);
if (urlAcl != null)
{
yield return(urlAcl);
}
i++;
} while(urlAcl != null);
}
}
private static void Main(string[] args)
{
var configuration = new CertificateBindingConfiguration();
string command = args.Length > 0 ? args[0].ToLowerInvariant() : string.Empty;
switch (command)
{
case "show":
Show(args, configuration);
break;
case "bind":
Bind(args, configuration);
break;
case "delete":
Delete(args, configuration);
break;
case "showurl":
ShowUrlAcl(args, configuration);
break;
case "addurl":
{
UrlAcl.Create(args[1], args[2]);
}
break;
case "rmurl":
{
UrlAcl.Delete(args[1]);
}
break;
default:
Console.WriteLine("Use \r\n'show [<IP:port>]' command to show all SSL Certificate bindings, \r\n'delete <IP:port>' to remove a binding and \r\n'bind <certificateThumbprint> <certificateStoreName> <IP:port> <appId>' to add or update a binding.\r\nshowurl\tShow a list of all url acls");
break;
}
}
public bool IsReservationInUse(string newurl, out string user)
{
user = null;
UrlAcl acl = this.GetUrlReservation(newurl);
if (acl == null)
{
return(false);
}
SecurityIdentifier currentOwner = null;
CommonSecurityDescriptor sd = new CommonSecurityDescriptor(false, false, acl.Sddl);
foreach (CommonAce dacl in sd.DiscretionaryAcl.OfType <CommonAce>())
{
if (dacl.SecurityIdentifier == this.windowsServiceProvider.ServiceSid)
{
return(false);
}
currentOwner = dacl.SecurityIdentifier;
}
if (currentOwner == null)
{
return(false);
}
try
{
user = ((NTAccount)currentOwner.Translate(typeof(NTAccount))).Value;
}
catch
{
user = currentOwner.ToString();
}
return(true);
}
private void RemoveACL(UrlAcl acl)
{
new HttpAPIManager().RemoveUrlAcl(acl.Prefix);
ViewModel.Acls.Remove(acl);
}
private void CreateUrlReservation(string url, SecurityIdentifier sid)
{
UrlAcl.Create(url, string.Format(SddlTemplate, sid));
}
